RE: [users@httpd] Problem when mixing NameVirtualHost + non with SSL - "Oops, no RSA or DSA server certificate found?!"


 



On Wed, 7 Dec 2005, Nick Burch wrote:
> I'm also half tempted to try and make that error message more useful. Anyone know much about that area of code, or should I just dive in?

I've done this. I still haven't quite figured out my problem, but I have narrowed it down quite a bit. Now to go investigate why my certificate isn't making it into mc->tPublicCert....

Anyway, this patch will make ssl_engine_init.c produce much more helpful debug when loading certificates: it will let you know what certificates it does load, and if it can't find an RSA or DSA certificate, it'll tell you what ones it does know about.


--- ssl_engine_init.c.sav	2005-12-09 16:36:21.026192705 +0000
+++ ssl_engine_init.c	2005-12-09 17:17:45.014684541 +0000
@@ -710,11 +710,13 @@
     X509 *cert;

     if (!(asn1 = ssl_asn1_table_get(mc->tPublicCert, id))) {
+		ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+					 "No %s server certificate exists for %s", type, id);
         return FALSE;
     }

     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-                 "Configuring %s server certificate", type);
+                 "Configuring %s server certificate for %s", type, id);

     ptr = asn1->cpData;
     if (!(cert = d2i_X509(NULL, &ptr, asn1->nData))) {
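Review bot: the two added ap_log_error lines in the if (!(asn1 = ssl_asn1_table_get(mc->tPublicCert, id))) branch are indented with tabs, while the context lines around them use spaces; re-indent them with spaces so the continuation line lines up the way the existing "Configuring %s server certificate" call does. On wording, the last hunk only aborts when neither an RSA nor a DSA certificate is found, so a host with just one key type will also hit this branch; something like "No %s server certificate configured for %s" would read less like a failure in that case.
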
@@ -862,6 +864,10 @@
     int i;
     int have_rsa, have_dsa;

+    SSLModConfigRec *mc = myModConfig(s);
+	const void *key;
+	apr_hash_index_t *hi;
+
     rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA);
     dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA);

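Review bot: mc, key and hi are added to the function-level declarations but, in the lines shown, are only used inside the if (!(have_rsa || have_dsa)) failure branch of the next hunk; declaring them at the top of that block would keep the normal path free of the myModConfig(s) call and make the scope obvious. The key and hi lines are also tab-indented where the neighbouring declarations use spaces, and key would be easier to use if it were cast or copied to a const char * before being logged, since it is later passed to a %s format.
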
@@ -871,6 +877,19 @@
     if (!(have_rsa || have_dsa)) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                 "Oops, no RSA or DSA server certificate found?!");
+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+                "Unable to load certificate for vhost %s",
+				vhost_id);
+
+		// Print out, at debug, what certificates are defined
+		for (hi = apr_hash_first(p, mc->tPublicCert); hi; hi = apr_hash_next(hi)) {
+			apr_hash_this(hi, &key, NULL, NULL);
+			ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+                 "I know about certificate '%s'", key);
+		}
+		ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+			 "No further certificates known about");
+
         ssl_die();
     }

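Review bot: in the added loop, key is declared as const void * but is passed to ap_log_error for a %s conversion ("I know about certificate '%s'", key); cast it, for example (const char *)key, so the argument type matches the format. The "// Print out, at debug, ..." line is a C++-style comment in a C file and should be /* ... */ to match the rest of the source, and the added lines mix tabs with the space indentation of the context. Also note that the list of known certificates is logged at APLOG_DEBUG while the two messages before it are APLOG_ERR and ssl_die() follows immediately, so unless LogLevel is debug the administrator sees only "Unable to load certificate for vhost %s"; consider saying in that error line that the known certificate ids are available at debug level.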

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


